Online fraud: Increased threats in a real-time world

Banks worldwide increasingly see online fraud as an urgent threat. According to Financial Fraud Action UK, in the UK alone losses from online banking fraud rose by 48 percent in 2014 compared with the previous year. In addition, Kaspersky Lab reported that Brazil has the largest number of users attacked by banking malware (a key modus operandi for online fraud), followed by Russia.

Online, mobile payments create perfect storm

The move online is positive for both the banks and their customers, as online payments can be used to help build that all-important holistic view of a customer. With customers’ growing preferences for mobile devices, opportunities for enhancing customer service delivery, by offering new services such as faster payments, are clear. However, digital channels are more vulnerable to fraud. While the speed and openness of the approach makes banking more convenient, it can also make it easier for fraudsters to access money, and transfer it quickly, without being detected.

And the increasing capability of fraudsters is reflected in the variety of schemes they use. Among the most prevalent are phishing, where fraudsters send emails impersonating legitimate companies, and vishing, a form of voice phishing requiring the intended victim to respond by telephone to an email or phone message. Malware is also ubiquitous – with schemes becoming so well executed that it can be almost impossible for a user to recognise that their devices have been infected. Money mules, people recruited by the fraudsters to transfer money acquired illegally, also contribute to the success of many online banking frauds.

The lack of a consistent pattern to this activity makes it even more challenging for the authorities to analyse. Banks can be attacked repeatedly for a period and react by putting new controls in place, causing activity to then typically drop away, only to return months later once the fraudsters have developed new modus operandi to bypass the controls.

While offering a diverse portfolio of financial products in an environment where the fraud is fast paced and forever changing, most banks have little in the way of viable technology to provide the much-needed protection. Indeed, they can be overly reliant on authentication systems that provide unambiguous identification of users through a combination of components known only to that user - such as user names or PINs.

Staying one step ahead

With new fraud types emerging constantly, banks must take a more sophisticated approach to online fraud detection and be in a state of constant readiness. Careful data monitoring and management is critical from the outset and banks must enhance their data quality and collate and link different data types coming into the organisation.

Because fraud methods are evolving, systems must allow users to quickly configure new scenarios, and modify existing behavioural patterns. However, the impact on fraud levels, and the false positives they’ll generate, must always be understood. To gain this knowledge, systems must allow users to effectively simulate their changes across large volumes of historical data and deploy results into production environments instantly.

Further detection techniques can be added at this stage. These might include anomaly detection to determine new potential areas of fraud and predictive analytics, where historical information is used to identify suspicious behavior. Social network analytics can also be deployed in this context, helping establish links between money mules and fraudster groups.

By using this hybrid of analytics methods, fraud cases can be detected early and accurately. In fact, time is of the essence throughout this whole process and the system must be able to identify high-risk transactions in real time, to potentially block these and route for review by the relevant investigators.

But the process cannot rely on technology alone and users must be empowered to spot new trends and emerging operating methods. This means putting data in the hands of the users, enabling them to quickly drill down to explore areas of risk not previously considered. This gives them the power to ask questions on the fly, without the need to rely on IT, and with the results presented in a user-friendly and visual way. Knowledge gained can then be fed back into ongoing detection models, enabling systems to stay ahead of the curve.

Fraudsters are currently setting the pace in the long-term battle with the banks and the rate of online fraud is increasing, with inventive criminal gangs continuing to develop new fraud types in order to endlessly probe the banks’ defenses.

In this complex environment, financial institutions will increasingly benefit from a hybrid analytics approach, which enables them to understand today’s challenges and implement technology to address them, while constantly evolving to counteract ever-changing threats.